Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5942

Elytron + https-listener in undertow listener doesn't work with enable-http2 set to "true"

    XMLWordPrintable

Details

    • Hide

      You can use standalone-elytron.xml attached in attachment

      • ./bin/standalone.sh -c standalone-elytron.xml

      Then access this page

      Result: It doesn't work

      If you set "enable-http2" attribute to "false" everything works fine.

      ./subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=enable-http2, value=false)
:reload
      Show
      You can use standalone-elytron.xml attached in attachment ./bin/standalone.sh -c standalone-elytron.xml Then access this page https://localhost:8443/ Result: It doesn't work If you set "enable-http2" attribute to "false" everything works fine. ./subsystem=undertow/server= default -server/https-listener=https:write-attribute(name=enable-http2, value= false ) :reload

    Description

      Reason for BLOCKER priority is that RFE https://issues.jboss.org/browse/EAP7-571 can be verified till will be fixed this issue.

      When I want to use HTTPS settings in combination with Elytron subsystem then I have to set "enable-http2" to "false" value.

      For settings I followed this blog post http://darranl.blogspot.cz/2016/02/wildfly-elytron-ssl-configuration.html
      And as keystore I used default application.keystore

      Actual results:
      Browser cannot load pages over HTTPs when HTTP2 is enabled.
      Chrome show this information:

      Server send no data

ERR_EMPTY_RESPONSE

      and Firefox show this

      Secure connection failed

The connection to XYZ was interrupted while the page was loading.

* The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem.

      Expected results:
      Browser can load pages over HTTPs when HTTP2 is enabled

      Attachments

        1. application.keystore
          2 kB
        2. elytron_server_Chrome.log
          537 kB
        3. elytron_server_curl.log
          255 kB
        4. elytron_server_Firefox.log
          508 kB
        5. elytron_wireshark_Firefox.pcapng
          20 kB
        6. server_Chrome.log
          338 kB
        7. server_curl.log
          175 kB
        8. server_Firefox.log
          167 kB
        9. standaloneDR14.xml
          28 kB
        10. standalone-elytron.xml
          26 kB
        11. standalone-elytronDR8.xml
          26 kB
        12. wireshark_Firefox.pcapng
          686 kB

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2509 Elytron + https-listener in undertow listener doesn't work with enable-http2 set to "true"

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is documented by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9689 Update docs about how to set HTTPs + Elytron + HTTP2

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-9193 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta9

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9690 Inadequate security with Elytron + HTTP2

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9703 Elytron + TLSv1.1 + wrap attribute to false results in empty reply from server

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9803 ssl-context attr desc - add mention that unwrapped SslContext is needed for HTTP/2

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              hsvabek_jira Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: